Computational Arithmetic Geometry I: Sentences Nearly in the Polynomial Hierarchy

J. Maurice Rojas 

E-mail: mamrojas@math.cityu.edu.hk 
Department of Mathematics, Texas A&M University, College Station, Texas 77843-3368, USA (after January 2001).

DEDICATED TO GRETCHEN DAVIS. 



We consider the average-case complexity of some otherwise undecidable 
or open Diophantine problems. More precisely, consider the following: 

(I) Given a polynomial $f \in \mathbb{Z}[v,x,y]$, decide the sentence $\exists v\, \forall x\, \exists y\; f(v,x,y) = 0$, with all three quantifiers ranging over $\mathbb{N}$ (or $\mathbb{Z}$).

(II) Given polynomials $f_1, \ldots, f_m \in \mathbb{Z}[x_1, \ldots, x_n]$ with $m \geq n$, decide if there is a rational solution to $f_1 = \cdots = f_m = 0$.

We show that problem (I) can be done within coNP for almost all inputs. The decidability of problem (I), over $\mathbb{N}$ and $\mathbb{Z}$, was previously unknown. We also show that the Generalized Riemann Hypothesis (GRH) implies that problem (II) can be solved within the complexity class $\mathrm{P}^{\mathrm{NP}^{\mathrm{NP}}}$ for almost all inputs, i.e., within the third level of the polynomial hierarchy. The decidability of problem (II), even in the case $m = n = 2$, remains open in general.

Along the way, we prove results relating polynomial system solving over $\mathbb{C}$, $\mathbb{Q}$, and $\mathbb{Z}/p\mathbb{Z}$. We also prove a result on Galois groups associated to sparse polynomial systems which may be of independent interest. A practical observation is that the aforementioned Diophantine problems should perhaps be avoided in the construction of crypto-systems.



1. INTRODUCTION AND MAIN RESULTS 

The negative solution of Hilbert's Tenth Problem [Mat7C, Mat93] has all but dashed earlier hopes of solving large polynomial systems over the integers. However, an immediate positive consequence is the creation of a rich and diverse garden of hard problems with potential applications in complexity theory, cryptology, and logic. Even more compelling is the question of where the boundary to decidability lies.

From high school algebra we know that detecting and even finding roots in $\mathbb{Q}$ (or $\mathbb{Z}$ or $\mathbb{N}$) for polynomials in $\mathbb{Z}[x_1]$ is tractable. (We respectively use $\mathbb{C}$, $\mathbb{R}$, $\mathbb{Q}$, $\mathbb{Z}$, and $\mathbb{N}$ for the complex numbers, real numbers, rational numbers, integers, and positive integers.) However, in [Jon82], James P. Jones showed that detecting roots in $\mathbb{N}^9$ for polynomials in $\mathbb{Z}[x_1, \ldots, x_9]$ is already undecidable.$^4$ Put another way, this means that determining the existence of a positive integral point on a general algebraic hypersurface of (complex) dimension 8 is undecidable.

It then comes as quite a shock that decades of number theory still haven't settled the complexity of the analogous question for algebraic sets of dimension 1 through 7. In fact, even the case of plane curves remains a mystery:$^5$ As of late 2000, the decidability of detecting a root in $\mathbb{N}^2$, $\mathbb{Z}^2$, or even $\mathbb{Q}^2$, for an arbitrary polynomial in $\mathbb{Z}[x_1, x_2]$, is still completely open.

1.1. Dimensions One and Two

To reconsider the complexity of detecting integral points on algebraic sets of dimension $\geq 1$, one can consider subtler combinations of quantifiers, and thus subtler questions on the disposition of integral roots, to facilitate finding decisive results. For example, Matiyasevich and Julia Robinson have shown [MR74, Jon81] that sentences of the form $\exists u\, \exists v\, \forall x\, \exists y\; f(u,v,x,y) = 0$ (quantified over $\mathbb{N}$), for arbitrary input $f \in \mathbb{Z}[u,v,x,y]$, are already undecidable. As another example of the richness of Diophantine sentences, Adleman and Manders have shown that deciding a very special case of the prefix $\exists\exists$ (quantified over $\mathbb{N}$) is NP-complete [AM75]: they show NP-completeness for the set of $(a,b,c) \in \mathbb{N}^3$ such that $ax^2 + by = c$ has a solution $(x,y) \in \mathbb{N}^2$.

However, the decidability of sentences of the form $\exists v\, \forall x\, \exists y\; f(v,x,y) = 0$ (quantified over $\mathbb{N}$ or $\mathbb{Z}$) was an open question — until recently: In [Roj00a] it was shown that (over $\mathbb{N}$) these sentences can be decided by a Turing machine, once the input $f$ is suitably restricted. Roughly speaking, deciding the prefix $\exists\forall\exists$ is equivalent to determining whether an algebraic surface has a slice (parallel to the $(x,y)$-plane) densely peppered with integral points. The "exceptional" $f$ not covered by the algorithm of [Roj00a] form a very slim subset of $\mathbb{Z}[v,x,y]$.

We will further improve this result by showing that, under similarly mild input restrictions, $\exists\forall\exists$ can in fact be decided within coNP. (This improves a PSPACE bound which appeared earlier in the proceedings version of this paper [Roj99a].) To make this more precise, let us write any $f \in \mathbb{Z}[v,x,y]$ as $f(v,x,y) = \sum c_a v^{a_1} x^{a_2} y^{a_3}$, where the sum is over certain $a := (a_1, a_2, a_3) \in \mathbb{Z}^3$. We then define the Newton polytope of $f$, $\mathrm{Newt}(f)$, as the convex hull$^6$ of $\{a \mid c_a \neq 0\}$. Also, when we say that a statement involving a set of parameters $\{c_1, \ldots, c_N\}$ is true generically,$^7$ we will mean that for any $M \in \mathbb{N}$, the statement fails for at most $O(N(2M+1)^{N-1})$ of the $(c_1, \ldots, c_N)$ lying in $\{-M, \ldots, M\}^N$. Finally, for an algorithm with a polynomial $f \in \mathbb{Z}[v,x,y]$ as input, speaking of the dense encoding will simply mean measuring the input size as $d + \sigma(f)$, where $d$ (resp. $\sigma(f)$) is the total degree$^8$ (resp. maximum bit-length of a coefficient) of $f$.

4 This is currently one of the most refined statements of the undecidability of Hilbert's Tenth Problem.

5 In particular, the major "solved" special cases so far have only extremely ineffective complexity and height bounds. (See, e.g., the introduction and references of [Roj00a].)

6 i.e., smallest convex set in $\mathbb{R}^3$ containing...

Theorem 1.1. Fix the Newton polytope $P$ of a polynomial $f \in \mathbb{Z}[v,x,y]$ and suppose that $P$ has at least one integral point in its interior. Assume further that we measure input size via the dense encoding. Then, for a generic choice of coefficients depending only on $P$, we can decide whether $\exists v\, \forall x\, \exists y\; f(v,x,y) = 0$ (with all three quantifiers ranging over $\mathbb{N}$ or $\mathbb{Z}$) within coNP. Furthermore, we can check whether an input $f$ has generic coefficients within NC.



Remark 1.1. It is an open question whether membership in coNP for the problem above continues to hold relative to the sparse encoding. We will describe the latter encoding shortly. Recall also that $\mathrm{NC} \subseteq \mathrm{P} \subseteq \mathrm{coNP}$, and the properness of each inclusion is unknown [Pap9t]. ■

The generic choice above is clarified further in section 3. It is interesting to note that the exceptional case to our algorithm for $\exists\forall\exists$ judiciously contains an extremely hard number-theoretic problem: determining the existence of a point in $\mathbb{N}^2$ on an algebraic plane curve. (That $\mathbb{Z}[v,y]$ lies in our exceptional locus is easily checked.) More to the point, James P. Jones has conjectured [Jon81] that the decidabilities of the prefixes $\exists\forall\exists$ and $\exists\exists$, quantified over $\mathbb{N}$, are equivalent. Thus, while we have not settled Jones' conjecture, we have at least now shown that the decidability of $\exists\forall\exists$ hinges on a sub-problem much closer to $\exists\exists$.

It would be of considerable interest to push these techniques further to prove a complexity-theoretic reduction from $\exists\forall\exists$ to $\exists\exists$, or from $\exists\forall\exists$ to $\forall\exists$. This is because these particular reductions would be a first step toward reducing $\exists\exists\forall\exists$ to $\exists\exists\exists$, and thus finally settling Hilbert's Tenth Problem in three variables. Evidence for such a reduction is provided by another result relating (a) the size of the largest positive integral point on an algebraic plane curve with (b) detecting whether an algebraic surface possesses any integral point: Roughly speaking, it was shown in [Roj00a] that the computability of the function alluded to in (a) implies that the undecidability of $\exists\exists\forall\exists$ occurs only in a family of inputs nearly equivalent to $\exists\exists\exists$.

As for algebraic sets of dimension zero, one can in fact construct PSPACE algorithms to find all rational points [Roj99a]. However, deciding the existence of rational points, even for algebraic sets of dimension zero, is not yet known to lie within the polynomial hierarchy. So let us now consider the latter problem.



7 We can in fact assert a much stronger condition, but this one suffices for our present purposes.

8 i.e., the maximum of the sum of the exponents in any monomial term.

1.2. Dimension Zero

We will show that deciding feasibility over $\mathbb{Q}$, for most polynomial systems, can be done within the polynomial hierarchy, assuming the Generalized$^9$ Riemann Hypothesis (GRH) — a famous conjecture from number theory. To clarify this statement, let us first fix some notation and illustrate some of the difficulties presented by rational roots of polynomial systems. We will then describe a quantitative result depending on GRH before stating our main results on rational roots.

Notation. Let $F := (f_1, \ldots, f_m)$ be a system of polynomials in $\mathbb{Z}[x_1, \ldots, x_n]$ and let $Z_F$ be the zero set of $F$ in $\mathbb{C}^n$. The size of an integer $c$ is $\mathrm{size}(c) := 1 + \lceil \log_2(|c| + 1) \rceil$. Similarly, the (sparse) size, $\mathrm{size}(F)$, of the polynomial system $F$ is simply the sum of the sizes of all the coefficients and exponents in its monomial term expansion. ■

To see why it is not entirely trivial to find the rational roots of a general $F$ in time polynomial in the sparse size of $F$, consider the following two phenomena:

Q1 The number of positive integral roots of $F$ can actually be exponential in $n$: A simple example is the system $(x_1^2 - 3x_1 + 2, \ldots, x_n^2 - 3x_n + 2)$, with sparse size $O(n)$ and root set $\{1, 2\}^n$. Whether the number of rational roots of $F$ can still be exponential in the sparse size of $F$ for fixed $n$ (even $n = 2$!) is currently unknown. ■

Q2 For any fixed $n > 1$, the integral roots of $F$ can have coordinates with bit-length exponential in $\mathrm{size}(F)$, thus ruling out one possible source of NP certificates: For example, the system $(x_1 - 2, x_2 - x_1^d, \ldots, x_n - x_{n-1}^d)$ has sparse size $O(n \log d)$ but has $(2, 2^d, \ldots, 2^{d^{n-1}})$ as a root. ■



So restricting to deciding the existence of rational roots, as opposed to explicitly finding them, may be necessary if one wants complexity sub-exponential in the sparse size. Indeed, sub-exponential bounds are already unknown for $m = n = 2$, and even decidability is unknown in the case $F := y^2 + ax^3 + bx + c$ with $a, b, c$ arbitrary rational numbers [Sil95, ch. 8], i.e., the case $(m,n) = (1,2)$. So restricting to the case where $Z_F$ is zero-dimensional is also crucial.

On the other hand, when $n = 1$, it is a pleasant surprise that one can find all rational roots in time polynomial in $\mathrm{size}(F)$ [Len99(]. (Note that this is not an immediate consequence of the famous Lenstra-Lenstra-Lovász factoring algorithm — the family of examples $x^d + ax + b$ already obstructs a trivial application of the latter algorithm.) So in order to extend Lenstra's result to general zero-dimensional algebraic sets, let us consider an approach other than the known PSPACE methods of resultants and Gröbner bases: reduction modulo specially chosen primes.

First note that averaging over many primes (as opposed to employing a single sufficiently large prime) is essentially unavoidable if one wants to use information from reductions modulo primes to decide the existence of rational roots. For example, from basic quadratic residue theory [EW7£], we know that the number of roots of $x_1^2 + 1$ mod $p$ is not constant for sufficiently large prime $p$. Similarly, Galois-theoretic restrictions are also necessary before using information mod $p$ to decide feasibility over $\mathbb{Q}$.

9 The Riemann Hypothesis (RH) is an 1859 conjecture equivalent to a sharp quantitative statement on the distribution of primes. GRH can be phrased as a generalization of this statement to prime ideals in an arbitrary number field, and further background on these RH's can be found in [LQ77, BS96].

Example 1.1. Take $m = n = 1$ and $F = f_1 = (x_1^2 - 2)(x_1^2 - 7)(x_1^2 - 14)$. Clearly, $F$ has no rational roots. However, it is easily checked via Legendre symbols [Apo90, ch. 9] that $F$ has a root mod $p$ for all primes $p$. In particular, note that the Galois group here does not act transitively: there is no automorphism of $\overline{\mathbb{Q}}$ which fixes $\mathbb{Q}$ and sends, say, $\sqrt{2}$ to $\sqrt{7}$. ■



So let us then make the following definition. 

Definition 1.1. Let $\sigma(F)$ denote the maximum bit-length of any coefficient of the monomial term expansion of $F$. Recall that $\pi(x)$ denotes the number of primes $\leq x$. Let $\pi_F(x)$ be the variation on $\pi(x)$ where we instead count the number of primes $p \leq x$ such that the mod $p$ reduction of $F$ has a root in $\mathbb{Z}/p\mathbb{Z}$. Finally, let $N_F(x)$ be the weighted variant of $\pi_F(x)$ where we instead count the total$^{10}$ number of distinct roots of the mod $p$ reductions of $F$, summed over all primes $p \leq x$. ■

One can then reasonably guess that the behavior of the quantities $\frac{\pi_F(x)}{\pi(x)}$ and/or $\frac{N_F(x)}{\pi(x)}$ for large $x$ will tell us something about the existence of rational roots for $F$. This is indeed the case, but as we will soon see, the convergence of the first quantity to its limit is unfortunately too slow to permit any obvious algorithm using sub-exponential work. The second quantity will be more important for us algorithmically, so let us give new sharpened estimates (depending on GRH) for both quantities.

Definition 1.2. Let $O$ and $e_i$ respectively denote the origin and the $i^{\text{th}}$ standard basis vector of $\mathbb{R}^n$, and normalize $n$-dimensional volume so that the standard $n$-simplex (with vertices $O, e_1, \ldots, e_n$) has $n$-volume 1. Also let $\#$ denote set cardinality and $V_F := \mathrm{Vol}_n(Q_F)$, where $Q_F$ is the convex hull of the union of $\{O, e_1, \ldots, e_n\}$ and the set of all exponent vectors of $F$. ■



Theorem 1.2. Let $K := \mathbb{Q}(x_i \mid (x_1, \ldots, x_n) \in Z_F,\ i \in \{1, \ldots, n\})$ and let $r_F$ be$^{11}$ the number of maximal ideals in the ring $\mathbb{Q}[x_1, \ldots, x_n]/(f_1, \ldots, f_m)$. (In particular, $r_F \geq 1$ for $\#Z_F \geq 1$, and for $m = n = 1$ the quantity $r_F$ is just the number of distinct irreducible factors of $f_1$ over $\mathbb{Q}[x_1]$.) Then the truth of GRH implies the following two statements for all $x > 33766$:

1. Suppose $\infty > \#Z_F > 2$ and $\mathrm{Gal}(K/\mathbb{Q})$ acts transitively on $Z_F$. Then

*f(x) A J_\ ( (ffZpl + 1) log 2 x + #Z F \Q{#Z F a(h F )) \ogx \ 
n(x) < v #Zp) \ + J 



10 If the number of roots in $\mathbb{Z}/p\mathbb{Z}$ of the mod $p$ reduction of $F$ exceeds $\delta$, then we add $\delta$ (not $\Omega(p)$) to our total, where $\delta$ is as defined in section kj.

11 In [Roj99£], $r_F$ was incorrectly defined as the number of rational roots of $F$.

2. Suppose $\#Z_F > 1$ and $\dim Z_F < n$. Then independent of $\mathrm{Gal}(K/\mathbb{Q})$, we have

N F (x) 



TTp(x) 1 , 

-W > I r f-V.i and 

TT{X) 



n(x) 



< b(F, x) 



where 0<b(F, x) < A5lo&2 *+oWh F W-+"S 5 /V*)) '°s^ < a(h F ) < a(h F ) < 
$O(M_F[\sigma(F) + n \log d + \log m])$, $d$ is the maximum degree of any $f_i$, $\delta < V_F$, and $M_F$ is no larger than the maximum number of lattice points in any translate of $(n+1)Q_F$. Furthermore, when $m < n$ and $\#Z_F < \infty$, we can replace every occurrence of $\delta$ above with $\#Z_F$. Finally, explicit formulae for the asymptotic estimates above appear in remarks J^.lt and J^.V,' of section 4.



Remark 1.2. The polytope volume $V_F$, and even the lattice point count $M_F$, are more natural than one might think: $V_F$ is an upper bound on the number of irreducible components of $Z_F$ (cf. theorem 2.4 of the next section) and $M_F = O(e^n V_F)$ [Roj00c, sec. 6.1.1, lem. 2 and rem. 6]. Furthermore, it is easy to show that $V_F \leq d^n$. In fact, $d^n$ frequently exceeds $V_F$ by a factor exponential in $n$ [Roj00l, Roj00c]. ■



Remark 1.3. It seems likely that the quantity $\delta$ from theorem 1.2 can be replaced by the affine geometric degree [KPSOL] and the hypotheses $m < n$ and $\#Z_F < \infty$ dropped. (The affine geometric degree agrees with $\#Z_F$ when $\#Z_F < \infty$ and can be significantly less than $V_F$ when $\#Z_F = \infty$.) This improvement will be pursued in future work. ■



The upper bound from assertion (1) appears to be new, and the first lower bound from assertion (2) significantly improves earlier bounds appearing in [Koi96, Bür00] which, when rewritten in the shape of our bounds, had leading coefficients of or worse. Also, the special case of the first bound from assertion (2) with $m < n$ and $F$ forming a reduced regular sequence was independently discovered by Morais (see [Mor97, thm. F, pg. 11] or [HMPS00, thm. 11, pg. 10]). In this special case, Morais' bound (which depends on the affine geometric degree) is asymptotically sharper than our bound when $\#Z_F = \infty$, and our bound is asymptotically sharper when $\#Z_F < \infty$. We also point out that the bounds from [Mor97, thm. F, pg. 11] or [HMPS00, thm. 11, pg. 10] are stated less explicitly than our formula in remark 4.16 of section 4.1, and our proof of theorem 1.2 provides a simpler alternative framework which avoids the commutative algebra machinery used in [Mor97, HMPS00].



Part (1) of theorem 1.2 thus presents the main difference between "modular" feasibility testing over $\mathbb{C}$ and $\mathbb{Q}$: it is known [Koi96, thm. 1] that the mod $p$ reduction of $F$ has a root in $\mathbb{Z}/p\mathbb{Z}$ for a density of primes $p$ which is either positive or zero, according as $F$ has a root in $\mathbb{C}$ or not. (See also [Roj00c, sec. 2, thm. 4] for the best current quantitative bound along these lines.) The corresponding gap between densities is large enough to permit a coarse but fast approximate counting algorithm for $\#\mathrm{P}$ to be used to tell the difference, thus eventually yielding an AM algorithm for feasibility over $\mathbb{C}$ recently discovered by Pascal Koiran [Koi96]. (We point out that Koiran's algorithm also relies on the behavior of the function $N_F$, which seems to behave better asymptotically than $\pi_F$.) On the other hand, part (1) of theorem 1.2 tells us that the mod $p$ reduction of $F$ has a root in $\mathbb{Z}/p\mathbb{Z}$ for a density of primes $p$ which is either 1 or < 1 — (provided $2 < \#Z_F < \infty$), and the lower density occurs if $F$ is infeasible over $\mathbb{Q}$ in a strong sense.

Via a $\mathrm{P}^{\mathrm{NP}^{\mathrm{NP}}}$ constant-factor approximate counting algorithm of Stockmeyer [Sto85], we can then derive the following result.

Theorem 1.3.$^{12}$ Following the notation and assumptions above, assume further that $F$ fails to have a rational root $\iff$ [$Z_F = \emptyset$ or $\mathrm{Gal}(K/\mathbb{Q})$ acts transitively on $Z_F$]. Then the truth of GRH implies that deciding whether $Z_F \cap \mathbb{Q}^n$ is empty can be done within $\mathrm{P}^{\mathrm{NP}^{\mathrm{NP}}}$. Furthermore, we can check the emptiness and finiteness of $Z_F$ unconditionally (resp. assuming GRH) within PSPACE (resp. AM).



We thus obtain a new arithmetic analogue of Koiran's feasibility result over $\mathbb{C}$ [Koi96]. Indeed, just as we noted for feasibility over $\mathbb{Q}$, the best unconditional complexity bound for feasibility over $\mathbb{C}$ is PSPACE [Can8£]. However, as we have seen, transferring conditional speed-ups from $\mathbb{C}$ to $\mathbb{Q}$ presents some unexpected subtleties.



Remark 1.4. The truth of GRH has many other consequences in complexity theory. For example, the truth of GRH implies a polynomial time algorithm for deciding whether an input integer is prime [MU76], an AM algorithm for deciding whether $Z_F$ is empty [Koi96], and an AM algorithm for deciding whether $Z_F$ is finite [Koi97].



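Remark 1.5. Recall that $\mathrm{NP} \cup \mathrm{BPP} \subseteq \mathrm{AM} \subseteq \mathrm{coRP}^{\mathrm{NP}} \subseteq \mathrm{coNP}^{\mathrm{NP}} \subseteq \mathrm{P}^{\mathrm{NP}^{\mathrm{NP}}} \subseteq \mathrm{PH} \subseteq \mathrm{P}^{\#\mathrm{P}} \subseteq \mathrm{PSPACE} \subseteq \mathrm{EXPTIME}$, and the properness of each inclusion is unknown [ZacSt, BM8L, BF91, Pap9L].

Remark 1.6. It is quite possible that even without access to an oracle in $\mathrm{NP}^{\mathrm{NP}}$, the brute-force search implied by the algorithm from theorem 1.3, at least for a small number of primes, may be more practical than the usual tools of resultants and Gröbner bases. This remains to be checked extensively. ■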



Let us close with some observations on the strength of our last two theorems: First note that our restrictions on the input $F$ are actually rather gentle: In particular, if one fixes the monomial term structure of $F$ and assumes $m > n$, then it follows easily from the theory of resultants [GKZ94, Stu98, Roj99b] that, for a generic choice of the coefficients, $F$ will have only finitely many roots in $\mathbb{C}^n$. Furthermore, our hypothesis involving $\mathrm{Gal}(K/\mathbb{Q})$ holds nearly as frequently.



12 This theorem corrects an alleged complexity bound of AM, which had an erroneous proof in [Roj99a].

Theorem 1.4. Following the notation above, assume $m > n$ and fix the monomial term structure of $F$ so that $\#Z_F \neq 1$ for a generic choice of the coefficients. Then, if one restricts to $F$ with integer coefficients of absolute value $< c$, the fraction of such $F$ with $\#Z_F < \infty$ and $\mathrm{Gal}(K/\mathbb{Q})$ acting transitively on $Z_F$ is at least 1 — 0(^£). Furthermore, we can check whether $\mathrm{Gal}(K/\mathbb{Q})$ acts transitively on $Z_F$ within EXPTIME or, if one assumes GRH, within $\mathrm{P}^{\mathrm{NP}^{\mathrm{NP}}}$.

Thus, if $m > n$ and the monomial term structure of $F$ is such that $\#Z_F \neq 1$ generically, it immediately follows that at least 1 — 0(t^t) of the $F$ specified above have no rational roots. The case where the monomial term structure of $F$ is such that $\#Z_F = 1$ generically is evidently quite rare, and will be addressed in future work.

Remark 1.7. A stronger result in the case $m = n = 1$ (sans complexity bounds) was derived by P. X. Gallagher in [Gal7^]. Our more general result above follows from a combination of our framework here, the Lenstra-Lenstra-Lovász (LLL) algorithm [LLL8i], and an effective version of Hilbert's Irreducibility Theorem of Stephen D. Cohen [Coh81].



Theorems may thus be of independent interest to number theorists, as well as complexity theorists. Aside from a geometric trick, the proofs of theorems 1.2 - 1.4 share a particular tool in common with the proof of theorem 1.1: All four proofs make use of some incarnation of effective univariate reduction.

Theorems 1.1 - 1.4 are respectively proved in sections 3-6. However, let us first review some algorithmic tools that we will borrow from computational algebraic geometry and computational number theory.

2. BACKGROUND TOOLS 

We begin with the following elementary fact arising from congruences. 

Proposition 2.1. If $z$ is any rational root of $a_0 + a_1 x_1 + \cdots + a_d x_1^d \in \mathbb{Z}[x_1]$, then $z = \pm\frac{b}{c}$ for some divisor $b$ of $a_0$ and some divisor $c$ of $a_d$. ■



We will also need the following classical fact regarding the factors of a multivariate 
polynomial. 



Lemma 2.1. [Mig92, pgs. 159-161] Suppose $f \in \mathbb{Z}[t_1, \ldots, t_N]$ has degree $d_i$ with respect to $t_i$ for all $i$ and coefficients of absolute value $< c$. Then $g \in \mathbb{Z}[t_1, \ldots, t_N]$ divides $f$ $\Longrightarrow$ the coefficient of $t_1^{j_1} \cdots t_N^{j_N}$ in $g$ has absolute value < cY[ ^ for any $(j_1, \ldots, j_N) \in [d_1] \times \cdots \times [d_N]$. In particular, for $N = 1$, $\sigma(g) < \sigma(f) + (d_1 + \alpha) \log 2$, where $\alpha := 2 - \frac{3}{4 \log 2} < 0.91798$. ■



We point out that the last assertion does not appear in [Mig92], but instead follows easily from Stirling's Estimate [Rud76, pg. 200, ex. 20].

We will also need some sufficiently precise quantitative bounds on the zero-dimensional part of an algebraic set, e.g., good bounds on the number of points and their sizes. A recent bound of this type, polynomial in $V_F$, is the following:

Theorem 2.5. [Roj00c, thms. 5 and 6] Following the notation of section 1, there are univariate polynomials $P_1, \ldots, P_n, h_F \in \mathbb{Z}[t]$ with the following properties:

1. The number of irreducible components of $Z_F$ is bounded above by the degree of $h_F$, $\deg h_F$. Furthermore, $\deg P_1, \ldots, \deg P_n \leq \deg h_F \leq V_F$, and $\deg h_F = \#Z_F$ when $m < n$ and $\#Z_F < \infty$.

2. $\#Z_F < \infty \Longrightarrow$ the splitting field of $h_F$ is exactly the field $K = \mathbb{Q}[x_i \mid (x_1, \ldots, x_n) \in \mathbb{C}^n$ is a root of $F]$.

3. Let $Z'_F$ denote the zero-dimensional part of $Z_F$. Then $P_i(x_i) = 0$ for any $(x_1, \ldots, x_n) \in Z'_F$ and any $i \in \{1, \ldots, n\}$.

4. $\sigma(P_1), \ldots, \sigma(P_n) < \sigma(h_F) = O(M_F[\sigma(F) + n \log d + \log m])$. ■



Remark 2.8. Quoting [Roj00c, sec. 6.1.1 lem. 2 and sec. 6.1.3, rem. 9], we can actually give explicit upper bounds for $\sigma(h_F)$. Letting $\mu$ (resp. $k$) denote the maximal number of monomial terms in any $f_i$ (resp. total number of monomial terms in $F$, counting repetitions amongst distinct $f_i$), the bounds are as follows:



log j^^4^ {n^\nVp^p- l)/4] 



(Vm( c + \kMp/2})) 



Mf-Vf 



log 



if fn < n, or 

16v / 2 % /7TTT 
e 3 nVp 



a m f (n s / 2 \nV F {VF - l)/£\\ V * {^Ji{m\mV F /2\c+\kM F /2\)) 



Mf-Vf 



form>n> 1, where Alp < e^^^Vp + i\™ =1 (pi + 2) - flLi (Pi + and Pi is 
the length of the projection ofnQp onto the Xi-axis. (Note that e 1 / 8 < 1.3315 and 
i^2< 1.127.; 

Furthermore, if $m < n$ and $\#Z_F < \infty$, then we can replace the underlined occurrences of $V_F$ by $\#Z_F$, provided we then add an extra summand of $(V_F + \alpha) \log 2$ (with $\alpha := 2 - \frac{3}{4 \log 2} < 0.91798$) to our bound for $\sigma(h_F)$. ■



Remark 2.9. The true definition of the quantity $M_F$ depends on a particular class of algorithms for constructing the toric resultant (see [Roj00c] for further details on $M_F$ and toric resultants). Thus, $M_F$ is typically much smaller than the worst-case bound given above.



A preliminary version of the above result was announced in the proceedings version of this paper [Roj99a]. Earlier quantitative results of this type, usually with stronger hypotheses or less refined bounds, can be found starting with the work of Joos Heintz and his school from the late 80's onward. A good reference for these earlier results is [KP96] and more recent bounds similar to the one above can be found in [KPS00, prop. 2.11] and [Mai00, cor. 8.2.3]. There are also more general versions of theorem 2.5 applying even to quantifier elimination over algebraically closed fields, but the bounds get looser and the level of generality is greater than we need. (These bounds appear in [Koi96] and are a corollary of results from [FGM90].)



An immediate corollary of our quantitative result above is the following upper bound on $\pi(x) - \pi_F(x)$, which may be of independent interest.

Corollary 2.1. Following the notation of theorem 2.5, assume $F$ has a rational root. Then the number of primes $p$ for which the mod $p$ reduction of $F$ has no roots in $\mathbb{Z}/p\mathbb{Z}$ is no greater than $a^*_F := n + \sum_{i=1}^n \sigma(P_i) = O(n M_F[\sigma(F) + n \log d + \log m])$.

Proof: Consider the $i^{\text{th}}$ coordinate, $x_i$, of any rational root of $F$. By theorem 2.5, and an application of proposition 2.1, the log of the denominator of $x_i$ (if $x_i$ is written in lowest terms) can be no larger than $\sigma(P_i)$. In particular, this denominator must have no more than $\sigma(P_i) + 1$ prime factors, since the only prime power smaller than $e$ is 2. Since we are dealing with $n$ coordinates, we can simply sum our last bound over $i$ and conclude. ■
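The following Python sketch is an added illustration, not code from the paper: for univariate integer polynomials (the case m = n = 1) it computes pi(x), pi_F(x) and N_F(x) from definition 1.1, searches for rational roots via proposition 2.1, and lists the primes up to a bound whose reduction has no root, which is the set that corollary 2.1 bounds. It is run on the polynomial of example 1.1, on x^2 + 1, and on a polynomial (6x - 1)(x^2 + 1) constructed for this illustration. All function names are hypothetical, roots mod p are found by brute force, and the cap described in footnote 10 is not applied.

```python
from fractions import Fraction
from math import isqrt


def primes_up_to(x):
    """All primes p <= x, by the sieve of Eratosthenes."""
    sieve = bytearray([1]) * (x + 1)
    sieve[0:2] = b"\x00\x00"
    for i in range(2, isqrt(x) + 1):
        if sieve[i]:
            sieve[i * i :: i] = bytearray(len(range(i * i, x + 1, i)))
    return [p for p in range(2, x + 1) if sieve[p]]


def poly_mul(f, g):
    """Product of two polynomials given as coefficient lists [a_0, ..., a_d]."""
    out = [0] * (len(f) + len(g) - 1)
    for i, a in enumerate(f):
        for j, b in enumerate(g):
            out[i + j] += a * b
    return out


def evaluate(coeffs, z):
    """Horner evaluation of a_0 + a_1 z + ... + a_d z^d."""
    acc = 0
    for a in reversed(coeffs):
        acc = acc * z + a
    return acc


def roots_mod_p(coeffs, p):
    """Distinct roots in Z/pZ of the mod p reduction (brute force over residues)."""
    return [r for r in range(p) if evaluate(coeffs, r) % p == 0]


def prime_statistics(coeffs, x):
    """Return (pi(x), pi_F(x), N_F(x)) in the sense of definition 1.1.

    Assumption: plain distinct-root counts are summed; the cap described in
    footnote 10 is not applied.
    """
    counts = [len(roots_mod_p(coeffs, p)) for p in primes_up_to(x)]
    return len(counts), sum(1 for c in counts if c > 0), sum(counts)


def primes_without_roots(coeffs, x):
    """Primes p <= x whose mod p reduction has no root (the set bounded in corollary 2.1)."""
    return [p for p in primes_up_to(x) if not roots_mod_p(coeffs, p)]


def divisors(n):
    """Positive divisors of a nonzero integer n."""
    n = abs(n)
    return [d for d in range(1, n + 1) if n % d == 0]


def rational_roots(coeffs):
    """All rational roots via proposition 2.1: z = +-b/c with b | a_0 and c | a_d.

    Assumes the leading coefficient coeffs[-1] is nonzero.
    """
    coeffs, roots = list(coeffs), set()
    while len(coeffs) > 1 and coeffs[0] == 0:  # a_0 = 0: z = 0 is a root, divide by x
        roots.add(Fraction(0))
        coeffs.pop(0)
    if len(coeffs) > 1:
        for b in divisors(coeffs[0]):
            for c in divisors(coeffs[-1]):
                for z in (Fraction(b, c), Fraction(-b, c)):
                    if evaluate(coeffs, z) == 0:
                        roots.add(z)
    return sorted(roots)


# Polynomial of example 1.1: (x^2 - 2)(x^2 - 7)(x^2 - 14).
EXAMPLE_1_1 = poly_mul(poly_mul([-2, 0, 1], [-7, 0, 1]), [-14, 0, 1])
# x^2 + 1, mentioned in the text before example 1.1.
X2_PLUS_1 = [1, 0, 1]
# Constructed for this illustration: (6x - 1)(x^2 + 1), with rational root 1/6.
WITH_RATIONAL_ROOT = poly_mul([-1, 6], X2_PLUS_1)


def report(x=1000):
    """Collect the statistics for the three sample polynomials up to the bound x."""
    rows = {}
    for name, f in (("example 1.1", EXAMPLE_1_1), ("x^2+1", X2_PLUS_1),
                    ("(6x-1)(x^2+1)", WITH_RATIONAL_ROOT)):
        pi, pi_f, n_f = prime_statistics(f, x)
        rows[name] = {
            "rational_roots": rational_roots(f),
            "pi_F/pi": pi_f / pi,
            "N_F/pi": n_f / pi,
            "primes_without_roots": primes_without_roots(f, x)[:10],
        }
    return rows


if __name__ == "__main__":
    for name, row in report().items():
        print(name, row)
```

For the polynomial of example 1.1 the ratio pi_F/pi is exactly 1 although the list of rational roots is empty, while for the constructed polynomial the only prime without a root, 3, divides the denominator of the rational root 1/6.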

Let $\mathrm{Li}(x) := \int_2^x \frac{dt}{\log t}$. The following result from analytic number theory will be of fundamental importance in our quantitative discussions on prime densities.

Theorem 2.6. The truth of RH implies that, for all x > 2, w{x) is within a 
factor of 1 + of x{^^ + t ^ - ) — • Furthermore, independent of RH, for 
allx>2, Li{x) is within a factor of 1 + ^ of x{^ + - j^. ■ 

The proof can be sketched as follows: One first approximates Li(x) within a 
multiple of 1 + by a;(db + - H^, using a trick from flApo90| , pg. 80]. 



Then, a (conditional) version of the effective Chebotarev Density Theorem, due to Oesterlé [Oes79, BS96], tells us that the truth of RH implies

$|\pi(x) - \mathrm{Li}(x)| < \sqrt{x} \log x$, for all $x > 2$.

So, dividing through by x{-^ + j^t^) - ^ and applying the triangle inequality, 
we obtain our theorem above. 

The remaining facts we need are more specific to the particular main theorems 
to be proved, so these will be mentioned as the need arises. 

Remark 2.10. Henceforth, we will use a stronger definition of genericity: A statement involving a set of parameters $\{c_1, \ldots, c_N\}$ holds generically iff the statement is true for all $(c_1, \ldots, c_N) \in \mathbb{C}^N$ outside of some a priori fixed algebraic hypersurface. That this version of genericity implies the simplified version mentioned earlier in our theorems is immediate from Schwartz' Lemma [Sch8L].

3. GENUS ZERO VARIETIES AND THE PROOF OF THEOREM 1.1



In what follows, we will make use of some basic algebraic geometry. A more precise description of the tools we use can be found in [Roj00a]. Also, we will always use geometric (as opposed to arithmetic) genus for algebraic varieties [Har77].

Let us begin by clarifying the genericity condition of theorem 1.1. Let $Z_f$ be the zero set of $f$. What we will initially require of $f$ (in addition to the assumptions on its Newton polytope) is that $Z_f$ be irreducible, nonsingular, and non-ruled. Later, we will see that a weaker and more easily verified condition suffices.

Remark 3.11. Ruled surfaces include those surfaces which contain an infinite family of lines, for example: planes, cones, one-sheeted hyperboloids, and products of a line with a curve. More precisely, an algebraic surface $S \subseteq \mathbb{P}^3_{\mathbb{C}}$ is called ruled iff there is a projective curve $C$, and a morphism $\varphi : S \to C$, such that every fiber of $\varphi$ is isomorphic to $\mathbb{P}^1_{\mathbb{C}}$. We then call a surface $S' \subseteq \mathbb{C}^3$ (the case which concerns us) ruled iff $S'$ is isomorphic to an open subset of some ruled surface in $\mathbb{P}^3_{\mathbb{C}}$. ■



Lemma 3.1. Following the notation and hypotheses of theorem 1.1, write $f(v,x,y) = \sum_{(a_1,a_2,a_3) \in A} c_a v^{a_1} x^{a_2} y^{a_3}$, where $A \cap \{x_i = 0\} \neq \emptyset$ for all $i$. Then, for a generic choice of the coefficients $(c_a)_{a \in A}$, $Z_f$ is irreducible, nonsingular, and non-ruled. In particular, for a generic choice of the coefficients, the set $\Sigma_f := \{v_0 \in \mathbb{C} \mid \{(x,y) \in \mathbb{C}^2 \mid f(v_0,x,y) = 0\}$ is singular or reducible$\}$ is finite.



Proof: First note that our hypothesis on $A$ simply prevents the coordinate hyperplanes from being subsets of $Z_f$. That $Z_f$ is irreducible and nonsingular for a generic choice of coefficients then follows easily from the Jacobian criterion for singularity [Mum95]. (One can even write the conditions explicitly via $\mathcal{A}$-discriminants [GKZ94], but this need not concern us here.)

That $Z_f$ is also non-ruled generically follows easily from a result of Askold G. Khovanski relating integral points in Newton polyhedra and genera [Kho78]: His result, given the hypotheses above, implies that $Z_f$ has positive genus for a generic choice of the coefficients. (In fact, the only assumptions necessary for his result are the Newton polytope condition stated in theorem 1.1 and the nonsingularity of $Z_f$.) The classification of algebraic surfaces [Bea96] then tells us that $Z_f$ has positive genus $\Longrightarrow$ $Z_f$ is non-ruled.

As for the assertion on $\Sigma_f$, assume momentarily that $Z_f$ is irreducible, nonsingular, and non-ruled. Then by Sard's theorem [Hir94], $Z_f \cap \{v = v_0\}$ is irreducible and nonsingular for all but finitely many $v_0 \in \mathbb{C}$. Thus, $\Sigma_f$ is finite when $Z_f$ is irreducible, nonsingular, and non-ruled.

Since the intersection of any two open Zariski-dense sets is open and dense, we are done. ■

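Lemma 3.2. Following the notation above, the set of $v_0 \in \mathbb{Z}$ such that $\forall x\, \exists y\; f(v_0,x,y) = 0$ is contained in $\Sigma_f \cap \mathbb{Z}$, whether both quantifiers range over $\mathbb{N}$ or $\mathbb{Z}$. Furthermore, $\Sigma_f \cap \mathbb{N}$ finite $\Longrightarrow$ the number of elements of $\Sigma_f \cap \mathbb{Z}$, and the size of each such element, is polynomial in the dense encoding.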



Proof: By Siegel's Theorem pil99fl , $\forall x\, \exists y\ f(v_0,x,y) = 0
\Longrightarrow Z_f \cap \{v = v_0\}$ contains a curve of genus zero (whether the
quantification is over $\mathbb{N}$ or $\mathbb{Z}$).

Now note that for all nonzero $v_0 \in \mathbb{C}$, the Newton polytope of $f$ (as a
polynomial in two variables) is a polygon containing an integral point in its interior.
So, by Khovanski's Theorem [Kho78] once again, $Z_f \cap \{v = v_0\}$ irreducible and
nonsingular $\Longrightarrow$ $Z_f \cap \{v = v_0\}$ is a curve of positive genus.

Putting together our last two observations, the first part of our lemma follows
immediately.

To prove the final assertion, note that the Jacobian criterion for singularity
[Mum95] implies that $\Sigma_f$ is simply the set of $v_0$ such that the system of
equations
$\left( f(v_0,x,y),\ \frac{\partial f(v_0,x,y)}{\partial x},\ \frac{\partial f(v_0,x,y)}{\partial y} \right)$
has a solution $(x,y) \in \mathbb{C}^2$. Thus, $\Sigma_f \cap \mathbb{N}$ finite is a
finite set, and by theorem 2.5 we are done. ■

Thanks to the following result, we can solve the prefix $\forall\exists$ within coNP.

Tung's Theorem [Tun87] Deciding the quantifier prefix $\forall\exists$ (with all
quantifiers ranging over $\mathbb{N}$ or $\mathbb{Z}$) is coNP-complete relative to the
dense encoding. ■

The algorithms for $\forall\exists$ alluded to in Tung's Theorem are based on some very
elegant algebraic facts due to James P. Jones, Andrzej Schinzel, and Shih-Ping Tung. We
illustrate one such fact for the case of $\forall\exists$ over $\mathbb{N}$.



The JST Theorem [Jon81, Sch8i, Tun81] Given any $f \in \mathbb{Z}[x,y]$, we have that
$\forall x\, \exists y\ f(x, y) = 0$ iff all three of the following conditions hold:

1. The polynomial $f$ factors into the form $f_0(x,y) \prod_{i=1}^{k} (y - f_i(x))$
where $k \ge 1$, $f_0(x,y) \in \mathbb{Q}[x, y]$ has no zeroes in the ring
$\mathbb{Q}[x]$, and for all $i$, $f_i \in \mathbb{Q}[x]$ and the leading coefficient
of $f_i$ is positive.

2. $\forall x \in \{1, \ldots, x_0\}\ \exists y \in \mathbb{N}$ such that $f(x, y) = 0$,
where $x_0 = \max\{s_1, \ldots, s_k\}$ and, for all $i$, $s_i$ is the sum of the squares
of the coefficients of $f_i$.

3. Let $a$ be the least positive integer such that $a f_1, \ldots, a f_k \in \mathbb{Z}[x]$
and set $g_i := a f_i$ for all $i$. Then the union of the solutions of the following $k$
congruences

$g_1(x) \equiv 0 \bmod a$
$\vdots$
$g_k(x) \equiv 0 \bmod a$

is all of $\mathbb{Z}/a\mathbb{Z}$. ■



The analogue of the JST Theorem over Z is essentially the same, save for the absence 
of condition (2), and the removal of the sign check in condition (1) [Tun87]. 



Proof of Theorem 1.1: Within this proof, we will always use the dense encoding.
Also note that if we are quantifying over $\mathbb{N}$, then the roots of $f$ on the
coordinate hyperplanes can be ignored and we can assume (multiplying by a suitable
monomial) that the Newton polytope of $f$ intersects every coordinate hyperplane.

Assume $\Sigma_f \cap \mathbb{N}$ is finite. This will be our genericity hypothesis and
by lemma 3.1, and our hypothesis on the Newton polytope of $f$, this condition indeed
occurs generically. Furthermore, via [Can88, NR96], we can check whether $\Sigma_f$ is
finite (and thus whether $\Sigma_f \cap \mathbb{N}$ or $\Sigma_f \cap \mathbb{Z}$ is
finite) within the class NC. It is then clear from lemma 3.2 that checking
$\exists\forall\exists$ can now be reduced to checking an instance of $\forall\exists$
for every $v_0 \in \Sigma_f \cap \mathbb{N}$ (or $v_0 \in \Sigma_f \cap \mathbb{Z}$).

Our goal will then be to simply use NP certificates for finitely many false
$\forall\exists$ sentences, or the emptiness of $\Sigma_f \cap \mathbb{N}$ (or
$\Sigma_f \cap \mathbb{Z}$), as a single certificate of the falsity of
$\exists\forall\exists$. The emptiness of $\Sigma_f \cap \mathbb{N}$ (or
$\Sigma_f \cap \mathbb{Z}$) can also be checked within the class NC [Can88]. So by
lemma ^2, it suffices to assume $\Sigma_f \cap \mathbb{N}$ is nonempty and then
check that the size of each resulting certificate is polynomial in the dense size of $f$.

Fixing $v_0 \in \Sigma_f \cap \mathbb{Z}$, first note that the dense size of
$f(v_0, x, y)$ is clearly polynomial in the dense size of $f(v,x,y)$, thanks to another
application of lemma [T^. A certificate of $\forall x\, \exists y\ f(v_0,x,y) \neq 0$
(quantified over $\mathbb{N}$) can then be constructed via the JST Theorem as follows:
First, factor $f$ within NC (via, say, [BCGW92]). If $f$ has no linear factor of the
form $y - f_i(x)$, then we can correctly declare that the instance of
$\forall x\, \exists y\ f(v_0,x,y) \neq 0$ is true. Otherwise, we attempt to give an
$x' \in \{1, \ldots, x_0\}$ such that $f(x',y)$ has no positive integral root. Should
such an $x'$ exist, lemma 2.1 tells us that its size will be polynomial in size($f$),
so $x'$ is an NP certificate. Otherwise, we give a pair $(j, t)$ with $1 \le j \le k$
and $t \in \{0, \ldots, a\}$ such that $g_j(t) \not\equiv 0 \bmod a$. Exhibiting such a
pair gives a negative solution of an instance of the covering congruence problem,
which is known to lie in NP [Tun87].

So we have now proved our main theorem in the case of quantification over N. 
The proof of the case where we quantify over Z is nearly identical, simply using the 
aforementioned analogue of the JST Theorem over Z instead. ■ 
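
The checks in conditions (1) to (3) of the JST Theorem, and the search for a refuting certificate used in the proof above, can be run directly on small inputs. The following Python code is an added example, not code from the paper: it assumes the factorization of condition (1) is already known with $f_0$ a nonzero constant, takes N to be the positive integers, and uses hypothetical names (`jst_refutation`, `poly_eval`) and constructed sample inputs.

```python
from fractions import Fraction
from functools import reduce
from math import floor, gcd


def poly_eval(coeffs, x):
    """Horner evaluation; coeffs run from the constant term upwards."""
    acc = 0
    for c in reversed(coeffs):
        acc = acc * x + c
    return acc


def jst_refutation(factors):
    """Search for a witness that 'forall x exists y: f(x, y) = 0' fails over N.

    Assumption (not from the paper): f = c * prod_i (y - f_i(x)) with c a
    nonzero constant, and N = {1, 2, 3, ...}. `factors` lists each f_i as
    rational coefficients, constant term first. Returns None when conditions
    (1)-(3) of the JST Theorem all hold, else a tuple naming the failure.
    """
    fs = [[Fraction(c) for c in f] for f in factors]

    # Condition (1): at least one factor y - f_i(x), positive leading coeffs.
    if not fs:
        return ("no-linear-factor",)
    for i, f in enumerate(fs, start=1):
        if f[-1] <= 0:
            return ("leading-coefficient", i)

    # Condition (2): every x in {1..x0} needs some f_i(x) in N, where
    # x0 = max_i (sum of squared coefficients of f_i).
    x0 = floor(max(sum(c * c for c in f) for f in fs))
    for x in range(1, x0 + 1):
        values = [poly_eval(f, x) for f in fs]
        if not any(v.denominator == 1 and v >= 1 for v in values):
            return ("small-x", x)

    # Condition (3): a = least positive integer clearing all denominators,
    # g_i = a * f_i; the roots of g_i(x) = 0 mod a must cover Z/aZ.
    dens = [c.denominator for f in fs for c in f]
    a = reduce(lambda m, d: m * d // gcd(m, d), dens, 1)
    gs = [[int(c * a) for c in f] for f in fs]
    for t in range(a):
        if all(poly_eval(g, t) % a != 0 for g in gs):
            return ("uncovered-residue", t, a)  # no congruence covers t
    return None


# Constructed sample inputs (coefficients as strings, constant term first).
TRIANGULAR = [["0", "1/2", "1/2"]]           # y = x(x+1)/2
HALF = [["0", "1/2"]]                        # y = x/2
HALF_PAIR = [["0", "1/2"], ["1/2", "1/2"]]   # y = x/2 or y = (x+1)/2
SHIFTED = [["-3", "1"]]                      # y = x - 3
```

A `None` result means no refutation exists under the stated assumptions; any other result is a short witness of the kind the coNP argument relies on.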



Remark 3.12. Note that if $f \in \mathbb{Z}[v,y]$ then the zero set of $f$ is a ruled
surface in $\mathbb{C}^3$. From another point of view, the hypothesis of theorem 1.1 is
violated since this $P$ has empty interior. Deciding $\exists\forall\exists$ for this
case then reduces to deciding $\exists\exists$, which we've already observed is very
hard. Nevertheless, Alan Baker has conjectured that the latter problem is decidable
[Jon81, sec. 5]. ■



Remark 3.13. The complexity of deciding whether a given surface is ruled is
an open problem. (Although one can check a slightly weaker condition
($\#\Sigma_f < \infty$) within NC, as noted in our last proof.) It is also interesting
to note that finding explicit parametrizations of rational surfaces (a special class of
ruled surfaces) appears to be decidable. Evidence is provided by an algorithm of Josef
Schicho which, while still lacking a termination proof, seems to work well in practice
[Sch9l].



4. PRIME DISTRIBUTION: PROVING THEOREM 

The proofs of assertions (1) and (2) will implicitly rely on another quantitative
result on the factorization polynomials, which easily follows from Hadamard's
inequality [Mig92].

Definition 4.3. Given any polynomial
$f(x_1) = \alpha_0 + \alpha_1 x_1 + \cdots + \alpha_D x_1^D$ we define:

\[
\begin{bmatrix}
\alpha_0 & \cdots & \alpha_D & & \\
 & \ddots & & \ddots & \\
 & & \alpha_0 & \cdots & \alpha_D \\
\alpha_1 & \cdots & D\alpha_D & & \\
 & \ddots & & \ddots & \\
 & & \alpha_1 & \cdots & D\alpha_D
\end{bmatrix}
\]

...where the first $D - 1$ (resp. last $D$) rows of the matrix correspond to the
coefficients of $f$ (resp. the derivative of $f$). The quantity $\Delta_f$ is also known
as the discriminant of $f$, and vanishes only for polynomials with repeated roots
[GKZ94]. ■



Lemma 4.1. Suppose $g \in \mathbb{Z}[x_1]$ is square-free and $\delta := \deg g$. Then

log |A 3 | < (26 - l)a(f) + ^1 log(<5 + 1) + - log(<5(2<5 + l)/6). ■ 



The last and most intricate result we will need is the following refined effective 
version of the primitive element theorem. 



2. 



Theorem 4.7. ; RojOOt , thm. 7] Following the notation of theorem 
pick ftf £ Z[t] (satisfying all the properties of hp from theorem \2.$ ), so that there 
also exist a\ , . . . ,o„€N and h\ , . . . , h n eZ[i] with the following properties: 

1. The degrees of hi, ... , h n are all bounded above by deg(h F )<V F . 

2. For any root (£i , . . . , £„) € Z' F of F , there is a root 9 of hp such that h ^ 6 ' > — Ci 
for all i . 

3. For alii, bothlogat andaihi) are bounded above by 0(Vp(j(h F )) and a(h F )~ 
0(a(h F )). U 



Remark 4.14. Quoting [Roj00c, sec. 6.1.5, rem. 11], we can actually make the
asymptotic bounds above completely explicit:

a(h) < (28 2 -2S+ l)a(r) + (2S 2 + l)a(h F ) + log[(<5 2 + if (6 + 1) 5+1 (6 2 -6 + 1)} 
and 

logai<8(S-l)a(r) + {S 2 



l)a(hp) + -\og[(S 2 + l) 5 -(S + l) s ], 



where a(r) < \ g(B 2 +6(6~l)/2), B 1 := ■ V(^+ 1 ) 5 ) 5 ' e 2 ^ 1 ^) , 

S:=ma,xdeghi<deghp<V F , a(h F ) < a(h F )+5' log(2n+l) + (V F +a) log 2, 6'<V F , 
a(h F ) is bounded above as in remark 2.8 of section^ and a:=2 — 41 p g2 < 0.91798. 
(So logcti actually admits an upper bound about half as large as the bound for a (hi) .) 

Furthermore, when $m < n$ and $\#Z_F < \infty$, we can replace every occurrence of
$\delta$ and $\delta'$ above by $\#Z_F$. ■
Remark 4.15. Earlier quantitative results of this type, e.g., those applied in
[Koi96], had looser and less explicit bounds which were polynomial in $d^n$



4.1. Proving Assertion (2) of Theorem 1.2 



First let us recall the following refined version of an important result due to
Weinberger.



Theorem 4.8. Following the notation of lemma ^A, suppose $g \in \mathbb{Z}[x_1]$ has
degree $\delta$ and no factors of multiplicity $> 1$. Then the truth of GRH implies that



NJx) 



n(x) 



< 



2 v ^log(|A 3 |^) + ( 51og|A g | 
U(x) 



for all x>2. 



The original version from [Wei84] had an unspecified constant in place of the
2. The version above follows immediately from Weinberger's original proof, simply
using a stronger version of effective Chebotarev than he used, i.e., one replaces
theorem 1.1 of [LQ77] by a result of Oesterle [Oes79] (see also theorem 8.8.22 of
[BS96]).

The second (harder) bound of assertion (2) of Theorem 1.2 is then just a simple
corollary of theorems 2.5 and 4.8. The first bound is an even simpler corollary of
the second bound.



Proof of Assertion (2): By theorems 2.5 and 4.7, it immediately follows that 



r F -- 



. (Note that hp is square- free by construction.) It also follows easily that 
the mod p reduction of F has a root in Z/pZ ==> the mod p reduction of Kf has 
a root in Z/pZ. Furthermore, theorem [l.7| tells us that a sufficient condition for 
the converse assertion is that p not divide any of the ai (the denominators in our 
rational univariate representation of Zp). We thus obtain < (x) — Np(x) < 
(5^" =1 (logaj + 1), for all x>0, where 8 :=deg hp. 
Assume henceforth that x>2. We then have 



N F (x) 



n(x) 



r F 



< 



tt(x) 



•hp 



7f(x) 



Combining theorem 4.8 and Oesterle's conditional bound on $|\pi(x) - \mathrm{Li}(x)|$,
we thus obtain that the truth of GRH implies



N F (x) 



n(x) 



r F 



< 



2Vilog(|At 



8 log | A, 



Li(x) 



By theorem 2.6, and the fact that 



1 



(lograKl+g/loga) 
1 



V^rlogaA 8(^27=1 lo g fl i + n ) 



log X 



Li(x) / Li(x) 
< 1 for all x > 33766, we 



then obtain 
N F (x) 



n(x) 



rF 



< 



2y^l0g(|Ar 



Sl °s\ A h P I + 25 (E"=i lo s a i + n ) 



U(x) 



for all x > 33766. The second bound from assertion (2) then follows immediately 

< (1 + 4/logx) 2 (applying 



4.1 



from lemma 

theorem |2.6| one last time 



, theorem 2.5, and the fact that 



x /log X 
The first bound of assertion (2) follows immediately from the second bound via
a simple application of the triangle inequality and the inequality
$N_F(x) \le \delta\,\pi_F(x)$.
■ 

Remark 4.16. Carrying out the last step in detail (and observing that
$(1 + 4/\log x)^2 < 2$ for all $x > 33766$), it is clear that the asymptotic bound on
$b(F,x)$ can be replaced by the following explicit quantity:



25 (log|A A 1+271+2 E? = i log Oi. . , 

+ L ) log a; 



48 log x + 4 log | 



where log | \<(28- l)a(h F ) + ^ log(6+ 1) + 1 log(S(2S+l)/6), 8:=degh F < 



Vf, and hp and loga^ are as in theorem {. r i and remark {.1^ of section 



Furthermore, by [Roj00c, sec. 6.1], we can conclude that every occurrence of $\delta$
can be replaced by $\#Z_F$ when $m < n$ and $\#Z_F < \infty$.



4.2. Proving Assertion (1) of Theorem 1.2



Here we will need the following result dealing with the density of primes for which 
the mod p reduction of F has a root in Z/pZ. This theorem may be of independent 
interest to computational number theorists. 



Theorem 4.9. Following the notation of theorem j.i , assume $\#Z_F < \infty$ and let
$j_F$ be the fraction of elements of $\mathrm{Gal}(K/\mathbb{Q})$ which fix at least one
root of $F$. Then the truth of GRH implies that



n(x) 



3f 



j F {V F \ + 1) log z x + 2[j F V F \ log | A 



< 



a(h F ) + l \ , 



for all $x > 33766$, where $h_F$ is the polynomial from theorem 2.1 and $g$ is the
square-free part of $h_F$.



Proof: Let $g$ be the square-free part of the polynomial $h_F$ from theorem 2.5 and
let $j_g$ be the fraction of elements of the Galois group of $g$ (over $\mathbb{Q}$)
which fix at least one root of $g$, where $g$ is the square-free part of the polynomial
$h_F$ from theorem 2.5. By essentially the same argument as the beginning of the proof
of assertion (1), we obtain $j_F = j_g$. Similarly, we also obtain
$0 \le \pi_g(x) - \pi_F(x) \le \sigma(h_F) + 1$ for all $x > 2$.

Note that $j_g$ is also the fraction of elements of the Galois group which give
permutations (of the roots of $g$) possessing a fixed point. Oesterle's (conditional)
version of effective Chebotarev [Oes79, BS96] then tells us$^{13}$ that the truth of GRH
implies $|\pi_g(x) - j_g \mathrm{Li}(x)| < j_g \sqrt{x}\,(2\log|\Delta| + \mathfrak{D}\log x)$,
where $\Delta$ is the discriminant of the splitting field of $g$ and $\mathfrak{D}$ is
the degree of this field extension over $\mathbb{Q}$. Letting $\delta := \deg g$ (which
is exactly $\#Z_F$ by construction), basic Galois theory tells us that
$\mathfrak{D} \le \#Z_F!$.

13 His result is actually stated in terms of conjugacy classes, but since the number of
fixed points of a Galois group element is stable under conjugacy, we can simply sum over
conjugacy classes.

By Oesterle's conditional bound on $|\pi(x) - \mathrm{Li}(x)|$ we then obtain

$|\pi_g(x) - j_g \pi(x)| < j_g \sqrt{x}\,(2\log|\Delta| + (\mathfrak{D} + 1)\log x)$.

Following essentially the same reasoning as the proof of assertion (2) we then obtain 



ttf{x) 



Tt(x) 



Jf 



j s (5 + l)log 2 x + 2 (j a log | A 



< ■ 



^Mtijlog. 



for all x > 33766. Using the fact that |A| < |A g |° BS96, pg. 259], and applying 



lemma 4.1. we are done. 



Of course, we must now estimate the quantity $j_F$. Fortunately, a good upper
bound has already been derived by Peter J. Cameron and Arjeh M. Cohen, in
answer to a 1991 question of Hendrik W. Lenstra.

Theorem 4.10. Suppose $G$ is any group acting transitively and faithfully on a
set of $N$ elements and $j_G$ is the fraction of elements of $G$ with at least one
fixed-point. Then $j_G \le 1 - \frac{1}{N}$. ■



The proof occupies the second page of [CC92] and requires only some basic group
representation theory. The upper bound is tight, but completely classifying the
next lower values of $j_G$ currently requires the classification of finite simple groups
[GW97]. The latter classification will not be necessary for our results.



Proof of Assertion (1): Following the notation of our last proof, recall that g is 



the square-free part of the polynomial hp from theorem 2.5. Then by assumption, 

l 



Vp > #Zf > 2 and S = fj^Zp. Furthermore, by theorems 2.5 and 4.10, jp < 1 



So by theorem 4.£ we are done 



Remark 4.17. From our proofs above we easily see that the asymptotic bound 
from assertion (1) can be replaced by the following explicit quantity: 




(#Z F ! + l)log^ + 2 #Z F !log|A 



#Z F -l 



u(h F ) + l 



logx 



where g is as in our proof above, log|A s | < 2(6 — \)(o~(hp) + (Vp + a)log2) + 
^Mog(J+l) + flog(5(2<5+l)/6) (thanks to lemmata^ and\p\) , a: 



0.91798, and cr(hp) is bounded as in remark 2.8 of section 



4 log 2 



< 



5. THE PROOF OF THEOREM | 



Their paper actually dealt with finding a lower bound for the quantity $1 - j_G$.

Our algorithm essentially boils down to checking whether $r_F \ge 2$ or $r_F = 1$,
following the notation of theorem Via our initial assumptions on F, we will 
see that this is the same as checking whether $F$ has a rational root or not.

Remark 5.18. It is at this point that we must slightly alter our definition of $N_F$:
As we sum the number of roots in $\mathbb{Z}/p\mathbb{Z}$ of the mod $p$ reductions of
$F$, we instead add $V_F$ to our total for each $p$ where this number of roots exceeds
$V_F$. This ensures that $N_F$ can actually be computed within #P, since $V_F$ can be
computed within #P (see below). It is unknown whether the same is true for the quantity
S in our initial definition of $N_F$. ■



Our algorithm proceeds as follows: First check whether $Z_F$ is empty. If so, then
we immediately know that $Z_F \cap \mathbb{Q}^n$ is empty and we are done. Otherwise,
approximate $N_F(M)$ and $\pi(M)$ within a factor of |, where $M$ is an integer
sufficiently larger than 33766 so that b(F, M) < j^. Respectively calling these
approximations N and ff , we then do the following: If N < (|) 2 7r, declare
$Z_F \cap \mathbb{Q}^n$ empty. Otherwise, declare $Z_F \cap \mathbb{Q}^n$ nonempty.

That our algorithm works is easily checked. First note that N < (|) 2 7f 
N J(j^ < (|) 4 - So by theorem |l.2| , our assumption on b(F,M) implies that the 
last inequality occurs iff rp = 1. (Note that we need GRH at this point.) Via 



theorem 4.7, and our earlier proofs, we know that rp =r^ p . So by [Jac85, thm 



4.14], we have that Gal(K/Q) acts transitively on Zp iff hp is irreducible over Q 
(or equivalently, rp^r^^ = 1). So by our initial assumptions on F, rp — 1 iff F has 
no rational roots. Thus, we now need only check the complexity of our algorithm. 

That the emptiness and finiteness of $Z_F$ can be checked within PSPACE
unconditionally goes back to [Can88]. That the truth of GRH implies both bounds
can be lowered to AM is proved respectively in [Koi96] and [Koi97]. So now we
need only check the complexity of computing M , N , and ff.

It follows immediately from [Pra75] that $N_F(x)$ and $\pi(x)$ can be computed within
#P. Also, via [GK94], $V_F$ can be computed within #P as well. Furthermore, via
theorems 1.2 and 2.5 (and the fact that $0 \le \log V_F \le n \log d$), the number of
bits of $M$ is polynomial in the size of $F$. So by [Sto85], M, N, and n can be computed
within P NP . Therefore, our algorithm runs within P NP , assuming GRH. ■

Remark 5.19. It is an open problem whether theorem^ continues to hold under
the weaker condition that the real dimension of $Z_F$ is at most zero. ■



6. THE PROOF OF THEOREM [17^ 

If $m > n$ then it follows easily from Schwartz' Lemma [Sch80] that $F$ has no roots
for at least a fraction of 1 — 0(-) of our $F$. So we can assume $m = n$.

Consider now the toric resultant, $\mathcal{R}$, of $f_1, \ldots, f_n$ and
$u_0 + u_1 x_1 + \cdots + u_n x_n$. (The classical resultant of Macaulay would suffice to
prove a weaker version of our theorem here for a more limited family of monomial term
structures.) Then, for indeterminate coefficients, $\mathcal{R}$ is a nonzero
irreducible polynomial over $\mathbb{Z}$ adjoin $u_0, \ldots, u_n$ and the coefficients
of $F$. More importantly, if the coefficients of $F$ are constants, $\mathcal{R}$ is
divisible by $u_0 - (\zeta_1 u_1 + \cdots + \zeta_n u_n)$, for any root
$(\zeta_1, \ldots, \zeta_n) \in \mathbb{C}^n$ of $F$.

If it happens that $\mathcal{R}$ (in fully symbolic form) is the constant 1, then it
follows from the degree formula for the toric resultant [GKZ94] that $Z_F$ is empty for
a generic choice of the coefficients and there is nothing to prove. So let us assume
$\mathcal{R}$ is not identically 1 in its full symbolic form.

By [Coh81] it then follows that a fraction of at most C(^r) of the $F$ whose
coefficients are rational numbers of (absolute multiplicative) height $\le c$ result in
$\mathcal{R}$ being a reducible polynomial over $\mathbb{Q}[u_0, \ldots, u_n]$. By
rescaling, this easily implies that at most 0(=^£) of the $F$ whose coefficients are
integers of absolute value $\le c$ result in $\mathcal{R}$ being reducible over
$\mathbb{Q}[u_0, \ldots, u_n]$.

We now observe (say from [Roj00c, sec. 6]) that the polynomial $h_F$ from theorem
2.5 is nothing more than the resultant $\mathcal{R}$, for suitably chosen
$u_1, \ldots, u_n$. (So in particular, $\mathcal{R}$ irreducible and nonzero
$\Longrightarrow$ $\#Z_F < \infty$.) So let us apply the Effective Hilbert
Irreducibility Theorem from [Coh81] one more time to obtain such a choice of
$u_1, \ldots, u_n$.

We then obtain that the fraction of our $F$ for which $\#Z_F < \infty$ and $h_F$ is
irreducible over $\mathbb{Q}$ is at least 1 - 0(^S). By [Jac85, thm. 4.14], $h_F$ is
irreducible iff its Galois group acts transitively on its roots. So by theorem 2.5, our
first assertion is proved.

That $\mathrm{Gal}(K/\mathbb{Q})$ acts transitively on $Z_F$ can be checked within
P NP (assuming GRH) is already clear from the proof of theorem [|. To obtain the
unconditional complexity bound, it clearly suffices to factor $h_F$ within EXPTIME and
see whether $h_F$ is irreducible. Since theorem 2.5 tells us that the dense size of
$h_F$ is exponential in size($F$), we can conclude via an application of the
polynomial-time LLL factoring algorithm from [LLL82]. ■